Detection via the HTTP response header – WWW-Authenticate

An easy way to detect Tomcat is to request the /manager/html page. The server responds with an HTTP 401 Unauthorized status and a WWW-Authenticate HTTP header:

As you can see in the preceding screenshot, this header contains the string Tomcat Manager Application, and by checking for it we can detect whether the target server has Tomcat installed.
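The check described above, written as an added example (it is not code from the original text) for auditing responses collected from your own hosts: it parses a raw HTTP response and reports whether a 401 reply carries the Tomcat Manager Application realm. The function names and the three sample responses are constructed for illustration, and the `Basic` scheme in the samples is an assumption about how the header is formatted.

```python
import re

# Realm string the text says the Tomcat Manager page returns.
TOMCAT_REALM = "Tomcat Manager Application"

# Matches auth-param pairs such as realm="..." inside a challenge.
_PARAM_RE = re.compile(r'(\w+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,]+))')


def parse_response(raw):
    """Split a raw HTTP response into (status_code, {header: [values]})."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        # Header names are case-insensitive, so normalise them.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers


def challenge_realms(headers):
    """Return every realm value found in the WWW-Authenticate header(s)."""
    realms = []
    for value in headers.get("www-authenticate", []):
        for key, quoted, bare in _PARAM_RE.findall(value):
            if key.lower() == "realm":
                # Undo backslash escapes allowed inside quoted strings.
                realms.append(re.sub(r"\\(.)", r"\1", quoted) if quoted else bare)
    return realms


def is_tomcat_manager(raw):
    """True when a 401 response carries the Tomcat Manager realm."""
    status, headers = parse_response(raw)
    return status == 401 and TOMCAT_REALM in challenge_realms(headers)


# Constructed sample responses to GET /manager/html (not captured traffic).
SAMPLE_TOMCAT = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'WWW-Authenticate: Basic realm="Tomcat Manager Application"\r\n'
    "Content-Type: text/html\r\n\r\n<html>...</html>"
)
SAMPLE_OTHER = (
    "HTTP/1.1 401 Unauthorized\r\n"
    'www-authenticate: Basic realm="Restricted Area"\r\n\r\n'
)
SAMPLE_404 = "HTTP/1.1 404 Not Found\r\nContent-Length: 0\r\n\r\n"
```

A 401 with a different realm, or a 404, only means this particular signal is absent; a renamed realm or a removed Manager application does not rule out Tomcat.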